阻止流氓軟件自動下載
序言:昨天玩游戲時使用輔助腳本,但是在打開后會自動下載2345壓縮軟件安裝包,讓人糾結。
以下如何避免惡意腳本自動下載流氓軟件:主要通過更改hosts文件
- 可以猜測到腳本是通過http協議下載的安裝包,找出url地址將其定向為127.0.0.1(或者其他IP也可以)
-
下載輔助腳本
http://www.lanzous.com/u/609428933?t將其命名為1.exe -
使用strings(LINUX軟件)查找靜態字符串
$ strings 1.exe | grep 'http.*://' http://pan.lanzou.com/p/609428933?t http://www.520cxzm.com/fz/fz.html http://www.520cxzm.com/ http://www.520cxzm.com/down/cx.html http://www.520cxzm.com/buy/ https://jq.qq.com/?_wv=1027&k=5pfEFY1 http://web.3366.com/meishi/ http://my.4399.com/yxmsdzls/ http://pan.lanzou.com/u/609428933 http://www.kelepan.com/space_fenghuo_4825.html http://pan.baidu.com/s/1bn3YBGN %http://www.globalsign.net/repository/03 "http://crl.globalsign.net/root.crl0 &https://www.globalsign.com/repository/03 "http://crl.globalsign.net/root.crl0 +http://crl.globalsign.net/Timestamping1.crl0 %http://www.globalsign.net/repository/0 &https://www.globalsign.com/repository/0 -http://crl.globalsign.com/gs/gscodesigng2.crl0 4http://secure.globalsign.com/cacert/gscodesigng2.crt04 (http://ocsp2.globalsign.com/gscodesigng20 http://www.233zm.com/bbyz.html http://www.chinadiary.com/blog-50895-809236.htm http://www.lanzous.com/u/609428933?t http://xiazai.zol.com.cn/detail/15/149406.shtml http://wpa.qq.com/msgrd?v=3&uin=294712662&site=qq&menu=yes http://www.520cxzm.com/zx/12.html http://my.4399.com/yxwmpy/play-sid-1-site-2_1-ref-news-channel-news-randsj-0.46407446218654513 http://www.233zm.com/cx.html# " "http://dh.4399fx.com/#id" https://jifendownload.2345.cn/jifen_2345/p8_k66279710_v2.0.exe http://dh-cfg.liuxue789.cn/dh.jb https:// http:// http://rj.baidu.com/soft/detail/17153.html?ald, http:// -
其中有一個
https://jifendownload.2345.cn/jifen_2345/p8_k66279710_v2.0.exe很明顯就是2345壓縮包地址了 -
修改windows的hosts文件,增加
127.0.0.1 jifendownload.2345.cn
現在就不會再下載了